The Agent Skills Directory

REMOTE_CODE_EXECUTION (MEDIUM): The skill executes Python validation scripts (hooks) located in the 00-system/hooks/ directory. This provides a mechanism for executing arbitrary code if a malicious script is placed in that folder. Specific scripts mentioned include validate-structure.py, validate-markdown.py, and validate-maps.py.
COMMAND_EXECUTION (MEDIUM): The 'Auto-Fix' feature performs file system operations, including regenerating navigation maps and recreating templates. These operations involve writing to the local filesystem and could be used to corrupt or overwrite critical files if the agent is manipulated.
PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its broad file-scanning nature.
Ingestion points: Reads all files within 02-Projects/, 00-system/Skills/, and Memory/ directories.
Boundary markers: None present; the skill does not use delimiters to isolate untrusted file content from its own instructions.
Capability inventory: The skill can execute Python subprocesses and perform file-write operations.
Sanitization: No sanitization is performed on the data ingested from user projects or skill files before it is processed or included in the final report.
DATA_EXFILTRATION (LOW): The skill has read access to sensitive system and user areas, including the entire Memory/ and Projects/ directories, to perform its integrity checks.

validate-system